TIAPS Module 1 Audit and Assurance workbook

10.04.2023 Views

C.3 Fraud, IT, and Cybersecurity

In providing assurance, internal auditors must be attentive to all relevant risks and their potential to impact organizational objectives and priorities. The IPPF gives particular mention to two key risk areas: fraud and IT.

For example, Standard 1210 – Proficiency has the following requirements:

1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud.

1210.A3 Internal auditors must have sufficient knowledge of key information technology risks and controls and available technology-based audit techniques to perform their assigned work. However, not all internal auditors are expected to have the expertise of an internal auditor whose primary responsibility is information technology auditing. [53]

C.3.1 Fraud

IIA Internal Audit Competency Framework

Fraud:

General Awareness: Recognize types of fraud, fraud risk, and red flags for fraud.

Applied Knowledge: Evaluate the potential for fraud and how the organization detects and manages fraud risks; recommend controls to prevent and detect fraud and educate to improve the organization’s fraud awareness.

Expert: Apply forensic auditing techniques in fraud prevention, deterrence, and investigation. [54]

Fraud is referenced seven times in the Standards and is defined as:

Any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. [55]

[53] The International Professional Practice Framework, The Institute of Internal Auditors, 2016.
[54] Internal Audit Competency Framework, The IIA, 2022.
[55] The International Professional Practice Framework, The Institute of Internal Auditors, 2016.

Fraud may be perpetrated via measures such as:

• Claims for fictitious expenses or duplicate claims.
• Use of fake or stolen identity.
• Disbursements to fictitious vendors or beneficiaries.
• Unwarranted refunds.
• Lost or voided checks.
• Interception of goods received.
• Concealment through false accounting (such as capitalizing expenses, ignoring bad debts, mischaracterizing expenditure as “miscellaneous” or something else, and over- or under-reporting).
• Embezzlement of funds and other resources.

All parties within an organization have a responsibility to contribute to fighting fraud.

Organizational role: Governing body and audit committee; Senior management; Those with first line roles; Those with second line roles

Role in fighting fraud:

• Ultimate responsibility for fraud risk governance.
• Lead by example.
• Set “tone at the top.”
• Ensure there are appropriate fraud risk management structures and processes in place.
• Ensure the internal audit plan is sufficiently attentive to fraud risk.
• Receive and respond to reports from internal auditing regarding the adequacy and effectiveness of fraud risk management.
• Receive and respond to reports from fraud risk experts, examiners, inspectors, external auditors, and others.
• Lead by example.
• Promote ethical conduct.
• Address suspicions of fraud when they surface.
• Provide training.
• Implement and maintain controls for fraud.
• Report incidents of fraud or suspected fraud.
• Provide specialist expertise in developing and implementing controls for fraud.
• Monitor and analyze the effectiveness of fraud risk management.

Internal auditors:

• Provide independent and objective assurance and advice on the adequacy and effectiveness of fraud risk governance, management, and control.
• Map and coordinate fraud risk assurance from internal and external providers.

